From: Patrick McHardy
Sent: 1/9/2006 4:24:18 PM

> Kris Katterjohn wrote:
> > This makes the filter length in sk_chk_filter() unsigned as it should be.
> >
> > Signed-off-by: Kris Katterjohn <[EMAIL PROTECTED]>
> >
> > This is a diff from 2.6.15.
> >
> > The length should never be negative, and if the length were negative, the
> > for
> > loop would fail.
> >
> > > - if (ftest->k >= (unsigned)(flen-pc-1))
> > + if (ftest->k >= flen - pc - 1)
>
> NAK. The subtraction makes the whole expressions signed, so
> a very large ftest->k is interpreted as a negative number
> and passes the test.

Okey-dokey. Against git5: --- x/net/core/filter.c 2006-01-09 12:17:03.000000000 -0600 +++ y/net/core/filter.c 2006-01-09 18:19:07.000000000 -0600 @@ -289,10 +289,10 @@ load_b: * * Returns 0 if the rule set is legal or a negative errno code if not. */ -int sk_chk_filter(struct sock_filter *filter, int flen) +int sk_chk_filter(struct sock_filter *filter, unsigned int flen) { struct sock_filter *ftest; - int pc; + unsigned int pc; if (flen == 0 || flen > BPF_MAXINSNS) return -EINVAL; --- x/include/linux/filter.h 2006-01-09 12:16:58.000000000 -0600 +++ y/include/linux/filter.h 2006-01-09 18:19:28.000000000 -0600 @@ -145,7 +145,7 @@ struct sock; extern unsigned int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int flen); extern int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk); -extern int sk_chk_filter(struct sock_filter *filter, int flen); +extern int sk_chk_filter(struct sock_filter *filter, unsigned int flen); #endif /* __KERNEL__ */ #endif /* __LINUX_FILTER_H__ */
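
Review bot: the changelog should state the behavioural change at the `if (flen == 0 || flen > BPF_MAXINSNS)` check in the net/core/filter.c hunk, which the description "should never be negative" does not cover. With `int flen` a negative length is neither zero nor greater than the limit (assuming BPF_MAXINSNS is a plain int constant, its definition is not in the visible lines), so it gets past this test; with `unsigned int flen` the same value converts to a large number and returns -EINVAL here. Since `pc` becomes unsigned in the same hunk, please also say explicitly that the `(unsigned)(flen-pc-1)` comparison from the first version is left untouched in this respin, and resend with a Signed-off-by line, which this posting does not carry.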
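
Review bot: the include/linux/filter.h hunk leaves the header inconsistent, because the context line directly above the change still declares `sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int flen)` with a signed length while `sk_chk_filter()` now takes `unsigned int flen`. Both functions take the length of the same filter program, so either convert `sk_run_filter()` in the same patch (or a follow-up in the series) or note in the changelog why it stays `int`.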